What is the severity of CVE-2008-1198?

CVE-2008-1198 is classified as a medium severity vulnerability due to its potential to allow unauthorized access through insecure configuration.

What systems are affected by CVE-2008-1198?

CVE-2008-1198 affects Red Hat Enterprise Linux versions 3.0, 4.0, and 5.0.

How do I fix CVE-2008-1198?

To mitigate CVE-2008-1198, disable aggressive IKE mode in the racoon configuration or upgrade to a patched version of the software.

What is the main issue with CVE-2008-1198?

The main issue with CVE-2008-1198 is that it allows a fallback to a vulnerable aggressive IKE mode that is susceptible to known attacks.

Is there a workaround for CVE-2008-1198?

A potential workaround for CVE-2008-1198 is to manually adjust the IPSec ifup script to prioritize secure modes over aggressive ones.

Vulnerability/
CVE-2008-1198

high

7.1

CWE

28/2/2008

6/3/2008

7/8/2024

CVE-2008-1198

First published: Thu Feb 28 2008(Updated: )

Description of problem: The default IPSec ifup script (/etc/sysconfig/network-scripts/ifup-ipsec) initializes the racoon configuration to use aggressive IKE mode, then fallback to main IKE mode if that fails: ... remote $DST { exchange_mode aggressive, main; ... Due to widely known attacks, the aggressive mode should be only used when public key authentication is in use. In practice, most administrators use IPSec with PSK authentication, which combined with aggressive mode leads to aforementioned vulnerability. See this whitepaper for more information: <a href="http://www.netsc.ch/IMG/pdf/TargetingIKE_en.pdf">http://www.netsc.ch/IMG/pdf/TargetingIKE_en.pdf</a> The exchange_mode should be changed to "main" only or, for a low-security fallback, to "main, aggressive" (in the opposite order than currently).

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Enterprise Linux	=4.0
Red Hat Enterprise Linux	=3.0
Red Hat Enterprise Linux	=5.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-1198?
CVE-2008-1198 is classified as a medium severity vulnerability due to its potential to allow unauthorized access through insecure configuration.
What systems are affected by CVE-2008-1198?
CVE-2008-1198 affects Red Hat Enterprise Linux versions 3.0, 4.0, and 5.0.
How do I fix CVE-2008-1198?
To mitigate CVE-2008-1198, disable aggressive IKE mode in the racoon configuration or upgrade to a patched version of the software.
What is the main issue with CVE-2008-1198?
The main issue with CVE-2008-1198 is that it allows a fallback to a vulnerable aggressive IKE mode that is susceptible to known attacks.
Is there a workaround for CVE-2008-1198?
A potential workaround for CVE-2008-1198 is to manually adjust the IPSec ifup script to prioritize secure modes over aggressive ones.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/references
agent/severity
agent/weakness
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2008-1198
agent/trending
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/softwarecombine
agent/tags
agent/source
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/4.0
version/red hat enterprise linux/3.0
version/red hat enterprise linux/5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.